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(57) Abstract: The present invention proposes a method for informing a lawful interception system of the serving system serving 
^ an intercepted target (MS) roaming within a communication network system, the communication network system comprising at 
^ least one serving system each serving system comprising at least one serving system node (SGSN) serving the intercepted target for 
O communication, the method comprising the steps of: first detecting a serving system node change request (1.) from the intercepted 

target (MS) towards a new serving system node which is currently not serving the target, first processing said serving system node 
^ change request at said new serving system node currently not serving the target, wherein said processing comprises the inclusion, to 
Q the request, of a serving system address of the new serving system node currently not serving the target, and first forwarding said 
^ processed request (2.) to an old serving system node currently serving the target. Also, the present invention proposes a serving 

system node adapted to be used in such a method. 
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Title of the Invention 

Informing a lawful interception system of the serving 
system serving an intercepted target 

5 

Field of the Invention 

The present invention relates to a method for informing a 
lawful interception system of the serving system serving an 
10 intercepted target, as well as to a correspondingly adapted 
serving system node of a serving system. 

. Background of the invention 

15 The provision of a lawful interception is a requirement of 
national law, which is usually mandatory. From time to 
time, a network operator and/or a service provider will be 
required, according to a lawful authorization, to make 
results of interception relating to specific identities 

20 (i.e. users and their terminals) available to a specific 
intercepting authority or Law Enforcement Agency (LEA) . 

There are various aspects of interception. The respective 
national law describes under what conditions and with what 

25 restrictions interception is allowed. If a LEA wishes to 
use lawful interception as a tool, it will ask a 
prosecuting judge or other responsible body for a lawful 
authorization, such as a warrant. If the lawful 
authorization is granted, the LEA will present the lawful 

30 authorization to an access provider which provides access 
from a user's terminal to that network, to the network 
operator, or to the service provider via an administrative 
interface or procedure. When a lawful interception is 
authorized, Intercept Related Information (IRI) and/or the 
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content of the corresponding communication (CC) are 
delivered to the LEA. 

The lawful authorization may describe the IRI and the 
content of the communication (CC) that are allowed to be 
delivered for this LEA. Typically, the interception period 
and interception target (e.g., a person's name or MSISDN 
number (s) related to SIM card(s) or IMEI code of a mobile 
terminal. For different LEAs and for different 
investigations, different constraints can apply that 
further limit the general borders set by the law. The 
interception target (i.e. the user's SIM card and/or 
terminal to be intercepted) may also be described in 
different ways in a lawful authorization, e.g. subscriber 
address, physical address, location, services etc. 



Such a lawful interception functionality is also needed in 
the packet switched part of new mobile data networks such 
as the GSM and the UMTS (also known as 2G GPRS and/or 3G 
20 GPRS) . 



Lawful interception is based on an EU Council resolution, 
which concerns all telecommunications systems, not only 
mobile ones. Lawful interception has been further 

25 subdivided to the lawful interception proper, and to the 

handover part of the intercepted data to the authorized law 
enforcement agency' s monitoring facility (LEMF) . The 3GPP 
and the European Telecommunications Standards Institute 
(ETSI) have defined further technical requirements. These 

30 requirements define three interfaces for each part of 
packet data interception and handover: 

XI (=HI1) : administrative tasks (HI1 may be on paper or fax 
or online or otherwise) 
35 X2 (=HI2) : IRI delivery (near real time) 
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X3 (=HI3) : intercepted user data (near real time) 

The interface XI carries interception requests. HI1 carries 
authorization documents , encryption keys and the like. The 
5 interface X2 and HI2 carry IRI (Interception Related 

Information) like phone numbers , service information, time 
stamps etc. The interface X3 carries the content of 
communication (CC) , i.e., the intercepted packets 
containing data sent and/or received etc. The exact 

10 definitions of the three interfaces are left to local 

legislation and authorities. The interfaces XI to X3 are 
referred in the 3GPP TS 33.107. The three HI interfaces are 
defined in 3GPP TS 33.108 and in ETSI ES 201 671 V2.1.1 as 
HI1/HI2/HI3 interfaces. 

15 With respect to Fig. 1, the lawful interception is 
described in more detail. Fig. 1 shows a reference 
configuration for the lawful interception for GPRS (General 
Packet Radio Systems) . Reference numeral 1 denotes a Law 
Enforcement Monitoring Facility (LEMF) mentioned above. The 

20 symbols XI, X2, X3, HI1 HI2 and HI3 denote the above- 
mentioned interfaces between the LEMF and respective 
network elements which are described in the following. 
Numeral 2_1 denotes an Administrative Function ADMF for LI 
(Lawful Interception) in the network. Numeral 2_2 indicates 

25 an IRI delivery function (also known as DF2/MF2 e.g. for 

packet data like GPRS), whereas numeral 2_3 indicates a CC 
delivery function (also known as DF3/MF3 e.g. for packet 
data) . The ADMF 2_1, the IRI delivery function 2_2 and the 
CC delivery function 2_3 are connected to a GSN (GPRS 

30 Support Node) 3 via interfaces Xl_l, X2 and X3, 

respectively. In addition, the IRI and CC delivery 
functions are connected with the ADMF 2_1 via interfaces 
Xl_2 and Xl_3, respectively. The GSN 3 can be an SGSN or a 
GGSN or other node intercepting user activity or frames 

35 containing user level packet data. 
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In this manner, the ADMF 2_1 is used together with the 
delivery functions to hide from the GSN that there might be 
multiple activations by different Law Enforcement Agencies 
5 (LEAs) on the same target. Additionally, the packet network 
complexity is hidden from the LEA(s) . 



10 In case of a packet switched services, the IRI and CC data 
are transmitted in packets to the LEMF 1, The packet flow 
starts from the packet intercepting node (i.e. GSN 3 in 
Fig. 1) to the delivery function nodes (i.e., IRI and CC 
delivery functions 2_2 and 2_3 in Fig. 1) to the LEMF 1. 

15 The LEMF system has a mass memory for packets, but it may 
also monitor packets as near real time streams. In GPRS, 
for example, the IRI data is defined to have some network 
attachment and/or PDP (Packet Data Protocol) context 
related data incorporated that relates the IRI to certain 

20 subscriber activity. The packets thus relate to a certain 
PDP context as an example of a network attachment and/or an 
active communication context (while only the context need 
to be active, not necessarily the communication need to be 
active in the sense of „ongoing") . 

25 

Thus, lawful interception is a topic, which mainly concerns 
core networks of communication networks, in particular, of 
(2G and/or 3G) packet switched communication networks. 



30 According to recent tendencies in communication network 
evolution, communication networks are adopted to interact 
with each other in a compatible manner. This means that 
communication networks operated by different operators 
interact with each other as well as communication networks 
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in different countries (having a respective different 
jurisdiction) interact with other. For the purpose of the 
present invention, a communication network operated by a 
specific operator is also referred to as a serving system 

5 serving an intercepted target MS roaming within the 

communication network system. The communication network 
system comprises at least one serving system, and each 
serving system in turn comprises at least one serving 
system node serving the intercepted target for 

10 communication. In case of GPRS (General Packet Radio 

Service) as an example of packet switched communication 
network and/or serving system, serving system nodes can be 
exemplified as SGSN (Serving GPRS Support Node) or GGSN 
(Gateway GPRS Support Node) . Interception of a target can 

15 take place already at an SGSN or at the GGSN. Also, 

according to agreed serving system architecture, the SGSNs 
of a serving system are connected to the GGSN thereof. 

Thus, a user traveling with his terminal such as a mobile 
20 station MS and/or a user equipment UE within such a 

communication network system, and being a target for lawful 
interception, is roaming within different networks and may 
even move out of the given warrant's (court order) 
jurisdiction. 

25 

Such circumstances have led to a requirement in lawful 
interception standardization that a home lawful 
interception LI system should know where the target 
(intercepted mobile) is roaming. Currently, if Operator A' s 

30 subscriber (as a target for lawful interception) is moving 
from operator A' s serving system node such as an SGSN (,/Old 
SGSN") to operator B's serving system node such as an SGSN 
(„new SGSN"), operator A' s GPRS network does not have 
sufficient information about the network/serving system the 

35 target terminal is moving to. Currently, only the SGSN's 
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Internet Protocol (IP) address is transferred from the new 
SGSN to the old SGSN in an SGSN Context Request, but the IP 
address does not identify the country and the operator 
network and/or serving system where the new SGSN is 
located. This information on where the target has moved to 
resides in the HLR but currently LI system is always 
connected to the SGSN and/or to the GGSN, never to HLR. 

In order to solve these difficulties, solutions for future 
networks (Rel5 UMTS) have been agreed upon in communication 
networks standardization by 3GPP (3 rd Generation 
partnership Project) . These solutions are for example 
described in 3GPP TS 33.108 V5.0.0 (2002-06) and 3GPP TS 
33.107 V5. 3.0 (2002-06). 

With these solutions, a requirement for the HLR (Home 
Location Register, as used in 2G) and/or HSS (Home 
Subscriber Server, as used in 3G) was introduced in that 
the HLR has to report to the DF/MF (Delivery Function / 
Mediation Function) the whereabouts of the new serving 
system serving node (SGSN) once an interception target is 
trying to attach thereto, or when the target is trying to 
change the serving operator's serving node to the new 
operator's serving node (for example in a inter SGSN inter 
PLNM RAU -Routing Area Update) . This is relevant once the 
target moves to an area and/or a serving system, which is 
out of the given LEA' s or warrant's jurisdiction. However, 
this reporting by the HLR requires from the HLR certain 
actions even if the target stays under the LEA' s or 
warrant's jurisdiction. Therefore, this current solution 
imposes a rather heavy overload on a HLR in terms of 
processing required as well as communication traffic over 
interfaces within the core network. While, without such 
additional efforts, the lawful interception system does not 
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know where the target is if the subscriber moves/changes to 
another PLMN (Public Land Mobile Network) . 



Summary of the invention 

5 

Consequently, it is an object of the present invention to 
provide an improved method for informing a lawful 
interception system of the serving system serving an 
intercepted target, as well as to a correspondingly adapted 
10 serving system node of a serving system. 

According to the present invention, the above object is for 
example achieved by a method for informing a lawful 
interception system of the serving system serving an 

15 intercepted target roaming within a communication network 
system, the communication network system comprising at 
least one serving system each serving system comprising at 
least one serving system node serving the intercepted 
target for communication, the method comprising the steps 

20 of: first detecting a serving system node change request 
from the intercepted target towards a new serving system 
node which is currently not serving the target, first 
processing said serving system node change request at said 
new serving system node currently not serving the target, 

25 wherein said processing comprises the inclusion, to the 
request, of a serving system address of the new serving 
system node currently not serving the target, and first 
forwarding said processed request to an old serving system 
node currently serving the target. 

30 

According to favorable further developments 

- said old serving system node currently serving the target 
informs the interception system of the serving system 
address of the new serving system node, 



WO 2004/010649 




7IB2002/002841 



- 8 - 



- the method comprises the further steps of second 
detecting at least one active communication context for 
said target, and in response thereto, generating a 
communication context update request to which is included 

5 the serving system address of the new serving system node 
currently not serving the target, and second forwarding 
said generated request to a gateway serving system node of 
the serving system currently serving the intercepted 
target, 

10 - said gateway serving system node informs the interception 
system of the serving system address of the new serving 
system node, 

- said serving system address of the new serving system 
node represents information about the serving system to 

15 which said new serving node belongs , 

- said information about the serving system to which said 
new serving node belongs comprises at least one of the 
following information items: serving node MSISDN number, 
serving node routing area identifier, serving node address, 

20 - said serving node routing area identifier contains 

information items representative of a mobile country code 
MCC, mobile network code MNC, location area code LAC, and 
routing area code RAC. 

25 Also, according to the present invention, the above object 
is for example achieved by a serving system node of a 
serving system, the serving system node being adapted to 
serve an intercepted target for communication, and being 
connectable to a lawful interception system, the serving 

30 system node comprising: first detection means adapted for 
first detecting a serving system node change request from 
the intercepted target, first processing means adapted for 
first processing said serving system node change request, 
wherein said processing is adapted to include, to the 

35 request, a serving system address of the serving system 
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node, and first forwarding means adapted for first 
forwarding said processed request to another serving system 
node currently serving the target. 

5 According to favorable further developments 

- the serving system node comprises informing means 
adapted to inform the interception system of the serving 
system address of a new serving system node, said informing 
means being active in case said serving system node is 

10 currently serving the target, 

- the serving system node comprises second detection 
means adapted for second detecting at least one active 
communication context for said target, and generation 
means, controlled by said second detection means, and 

15 adapted for generating a communication context update 

request to which is included the serving system address of 
the serving system node, and second forwarding means 
adapted for second forwarding said generated request to a 
gateway serving system node of the serving system currently 

20 serving the intercepted target, 

- said serving system address of the serving system 
node represents information about the serving system to 
which said new serving node belongs, 

- said information about the serving system to which 
25 said serving node belongs comprises at least one of the 

following information items: serving node MSISDN number, 
serving node routing area identifier, serving node address, 

- said serving node routing area identifier contains 
information items representative of a mobile country code 

30 MCC, mobile network code MNC, location area code LAC, and 
routing area code RAC. 

By virtue of the present invention, which, briefly stated, 
proposes that the old serving system node (SGSN and/or 
35 GGSN) report the address of the new serving system (and/or 
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whereabouts of the new serving system) to the lawful 
interception system, basically the following advantages can 
be achieved: 

- the previously known solution is improved, 

5 - it is easy to be implemented to 2G as well as 3G 

serving system nodes such as SGSN and/or GGSN, 

- the lawful interception system (already at the 
lawful interception gateway which may be a SGSN / GGSN) has 
the knowledge where the subscriber is (location and/or at 

10 least serving system (i.e. knowledge which operator runs 
the serving system serving the target) ; thus, the old 
serving system node (e.g. „old SGSN") and consequently 
delivery / mediation function get immediately the knowledge 
where the subscriber is moving to, as this information can 

15 be critical in case the new serving system node („new 
SGSN") is out of the LEA' s jurisdiction, 

- the HLR or other comparable databases/registers or 
servers such as HSS need no longer be involved in fetching 
the necessary information indicating where the intercepted 

20 subscriber (target) is or is moving to, 

- this, in turn, leads to the present invention 
defining a more efficient solution as no additional 
signaling with / processing by the HLR / HSS is required 
due to the fact that once a first (serving system node 

25 change request) or second detection (of an active 

communication context) is successful, the old serving 
system node (SGSN /GGSN) informs the LEA of the new serving 
system node's address information. 



30 Brief description of the drawings 

In the following, the present invention will be described 
in greater detail with reference to the accompanying 
drawings, in which 
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Fig. 1 shows a reference configuration for the lawful 
interception for GPRS (General Packet Radio Systems) as an 
example of a packet switched communication network and/or 
serving system; and 

5 

Fig. 2 shows a signaling scenario for an Inter SGSN Routing 
Area Update as known from 3GPP TS 23.060 used for 
explaining the present invention. 

10 Fig. 3 shows a signaling scenario for an Attach Procedure 
as known from 3GPP TS 23.060 used for explaining the 
present invention. 



Detailed description of the embodiments 

15 

For better understanding of the preset invention, it should 
be noted that the GSN as an example of a serving system 
node may be a SGSN or a GGSN in case of GPRS. Thus, the 
lawful interception system is connected to SGSN or GGSN as 

20 a serving system node, dependent on where the interception 
is performed. SGSN and GGSN are connected to each other and 
mutually exchange information, as required, via a 
connection element generally known as Gn interface. The 
lawful interception system „beyond" the serving system node 

25 SGSN/GGSN shown in Fig. 1 is omitted from the illustration 
in Fig. 2 in order to keep the drawing simple. 

Fig. 2 is described in detail in 3GPP TS 23.060, so that a 
detailed description thereof is omitted. It is to be noted 

30 that the boxes labeled CI to C4 define CAMEL action points 
which are not related to the present invention. The present 
invention, when referring to the signaling shown in Fig. 2, 
affects steps 2. and/or 6., i.e. the SGSN Context Request 
and the Update PDP Context Request as respective examples 

35 in connection with GPRS as a serving system. When referring 



10 



15 



WO 2004/010649 WW W pT/IB2002/002841 

- 12 - 

to the signaling shown in Fig. 3, the present invention 
affects step 2., i.e. the Identification Request, as 
explained later on. 

Subsequently, the present invention will be set out in 
greater detail. 

As is commonly agreed, the blocks in Figs. 2 and 3 arranged 
in horizontal direction indicate network entities and/or 
terminals involved in the signaling, whereas the arrows 
there between in horizontal direction represent the 
signaling. The time relation within the signaling is 
reflected by the numbering of the arrows as well as by the 
vertical arrangement of these. 



MS denotes a mobile station and/or user equipment (UE) as a 
target to bee intercepted. The target accesses a serving 
system such as the GPRS network via a base station 
subsystem BSS representing an access network. The serving 

20 system comprises at least one serving system node such as a 
SGSN and/or GGSN. As shown in Fig. 2, there is an „new M and 
an „old" SGSN. „New" means that the target has moved/roamed 
to an area in which the new serving system node is 
determined to be in charge of serving the target. „01d w 

25 means that the old SGSN has formerly been or is currently 
still in charge of serving the target (until the new one 
has fully taken over serving of the target) . The „new" and 
the „old" serving system node can be nodes of different 
serving systems which may be in different countries and/or 

30 operated by different operators. 

The present invention conceives a method for informing a 
lawful interception system (not shown in Fig. 2) of the 
serving system serving an intercepted target MS roaming 
35 within a communication network system. The information 
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related to the serving system is referred to as serving 
system address. The communication network system comprises 
at least one serving system, each serving system comprising 
at least one serving system node serving the intercepted 
5 target for communication. 

With reference to Fig. 2, assuming that the old and new 
SGSN are operated by the same operator, there is shown one 
serving system having two serving system nodes illustrated. 

10 Whereas in case that it is assumed that the old and the new 
SGSN represent serving system nodes operated by different 
operators and/or in different countries, there is shown a 
situation with two serving systems each having one serving 
system node illustrated; the old SGSN could reside in the 

15 home network of the target subscriber, whereas the new SGSN 
would reside in a visited network to which the target has 
roamed . 



When roaming to an area in which a new serving system node 

20 is determined to be in charge for serving the target, the 
target issues a serving system node change request (step 
1.). In case of GPRS being the basis of a serving system, 
such a serving system node change request is referred to as 
Routing Area Update RAU request. This request is 

25 communicated to the new serving system node. The serving 
system node then performs a first detecting of this 
serving system node change request received from the 
intercepted target MS and communicated to the new serving 
system node which is currently not serving the target. The 

30 thus detected serving system node change request is 

subjected, at the new serving system node currently not 
serving the target, to a first processing (not shown in 
Fig. 2) . The processing comprises the inclusion, to the 
(detected and received) request, of a serving system 

35 address of the new serving system node currently not 
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serving the target. Then, there is performed a first 
forwarding of said processed request (step 2.) to the old 
serving system node currently (still) serving the target. 
This old serving system node currently serving the target 
subsequently informs the interception system (not shown) of 
the serving system address of the new serving system node. 
Stated in other words, in case of the lawful interception 
system being connected to the SGSN, the (old) SGSN informs 
the LEA directly. In case the lawful interception system is 
connected to the GGSN, the SGSN transfers the information 
to the GGSN which in turn transmits it to the LEA. 

Furthermore, the new serving system node, to which the 
target roams, performs a second detecting of whether there 
is at least one active communication context for said 
target (such as for example a PDP context active) . If so, 
the node generates a communication context update request 
(e.g. an Update PDP Context Request) to which request is 
included the serving system address of the new serving 
system node currently not serving the target. Subsequently, 
a second forwarding of said generated request (step 6.) to 
a gateway serving system node (e.g. GGSN) of the serving 
system currently serving the intercepted target is 
performed. 

Then, said gateway serving system node (e.g. GGSN) informs 
the interception system (and/or in the end the LEA) of the 
serving system address of the new serving system node. That 
is, in case of the lawful interception system being 
connected to the GGSN, the GGSN informs the LEA directly. 
In case the lawful interception system is connected to the 
SGSN, the GGSN transfers the information to the old SGSN 
which in turn transmits it to the LEA. 
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The serving system address of the new serving system node 
represents information indicative of the serving system to 
which said new serving node belongs. Any such information 
can be used for this purpose as long as it is sufficient to 

5 distinguish the serving system nodes as well as the 

location / serving system to which they belong from each 
other. Hence, the information about the serving system to 
which said new serving node belongs comprises, for example 
in case of GPRS serving systems, at least one of the 

10 following information items: serving node MSISDN number, 
serving node Routing Area Identifier RAI, serving node 
address. In other serving systems, the information element 
(IE) may be referred to by other names. 

15 The above mentioned serving node routing area identifier in 
turn contains information items representative of a mobile 
country code MCC, mobile network code MNC, location area 
code LAC, and routing area code RAC, thereby uniquely 
defining the node as such as well as its location within 

20 the network system and in particular the network / serving 
system to which it belongs. 

Herein before, the present invention has been described 
with a focus on the method according to the present 

25 invention. Nevertheless, the present invention concerns 
also a correspondingly adapted serving system node of a 
serving system, the serving system node being adapted to 
serve an intercepted target MS for communication, and being 
connectable to a lawful interception system. As will be 

30 readily understood by those skilled in the art from the 

foregoing description of the method, such a serving system 
node comprises first detection means adapted for performing 
a first detecting of a serving system node change request 
from the intercepted target MS, a first processing means 

35 adapted for performing a first processing of said serving 
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system node change request, wherein said processing is 
adapted to include, to the request, a serving system 
address of the serving system node, and also comprises a 
first forwarding means adapted for performing a first 
forwarding of said processed request to another serving 
system node currently serving the target. 

Also, a corresponding serving system node comprises an 
informing means adapted to inform the lawful interception 
system of the serving system address of a new serving 
system node, said informing means being active in case said 
serving system node is currently serving the target. The 
node may inform the lawful interception system and/or the 
LEA directly in case the interception system is connected 
to the node (e.g. node is SGSN or GGSN and lawful 
interception is connected to SGSN or GGSN, respectively) . 
Alternatively, also indirect informing can take place (e.g. 
in case the node is SGSN and lawful interception system is 
connected to GGSN) . 

Furthermore, the proposed serving system node according to 
the present invention comprised a second detection means 
adapted for performing a second detecting of at least one 
active communication context for said target, and has a 
generation means, controlled by said second detection 
means, and adapted for generating a communication context 
update request to which is included the serving system 
address of the serving system node. Also, a second 
forwarding means is provided which is adapted for second 
forwarding said generated request to a gateway serving 
system node (GGSN) of the serving system currently serving 
the intercepted target. So, referring to the example shown 
in Fig. 2, the new SGSN forwards the Update PDP Context 
Request either to the GGSN of its own serving system in 
case the new SGSN belongs to the same serving system as the 
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old SGSN, or forwards the Update PDP Context Request to the 
GGSN of the old serving system (currently serving the 
target) in case the new SGSN does not belong to the same 
serving system as the old SGSN but to another one (e.g. in 
5 another country and/or operated by another operator) . 

Similarly as in connection with the above described method, 
also in connection with the serving system node according 
to the present invention, said serving system address of 

10 the serving system node represents information about the 

serving system to which said new serving node belongs. Said 
information about the serving system to which said serving 
node belongs comprises at least one of the following 
information items: serving node MSISDN number, serving node 

15 routing area identifier, serving node address, and said 
serving node routing area identifier contains information 
items representative of a mobile country code MCC, mobile 
network code MNC, location area code LAC, and routing area 
code RAC. 

20 

Thus, as will be appreciated from the foregoing 
description, with this invention, (when adhering to the 
chosen example of GPRS as a basis of a packet switched 
communication network and/or serving system) , a new 

25 information element IE is added to the SGSN Context Request 
that identifies the network where the new SGSN is located. 
This information will be the E.164 (MSISDN) number of the 
SGSN, which includes information about the country and 
network, and/or a Routing Area Identity (RAI) . This 

30 information is specified in 3GPP TS 23.003 and it is 

available in all SGSN's. (Both the MSISDN number in E.164 
format and RAI are already defined in the ASN.l object 
tree, given in 3GPP TS 33.108.) 
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This invention thus proposes that the old SGSN shall use 
for the purpose of lawful interception the new SGSN's RAI, 
once the old SGSN gets this information element with the 
■Identification Request' message / SGSN context request 
5 message. The new SGSN sends the message once the MS / UE 
tries to attach to it. 

Stated in other words, the detected serving system node 
change request may not only be a routing area update RAD 

10 request as shown in Fig. 2, but may also be an Attach 
Request as shown in Fig. 3 (taken also from 3GPP TS 
23.060), which is subsequently processed as described above 
in connection with the RAU request (thus yielding an 
Identification Request modified according to the processing 

15 according to the present invention applied to the Attach 
Request) . 

After the old SGSN gets the new SGSN's MSISDN number and/or 
RAI, the lawful interception (LI) system can get it from 
20 the old SGSN (directly or via the GGSN) and LEA then gets 
the information (IRI data) about where the target is 
located. 

In case user to be intercepted has at least one active PDP 
25 context, the new SGSN generates and sends an Update PDP 

Context Request to GGSN. The invention proposes to add the 
above mentioned new information element into that message 
as well. In this way, the LI system attached to GGSN can 
identify instances when user changes PLMN. (GGSN may report 
30 also to SGSN which then informs LI system) . 



As the protocol used between SGSN's, it is to be noted that 
GTP (GPRS Tunneling Protocol) specified in 3GPP TS 29.060 
is used. 
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According to the invention, the information element is 
obtained once the target moves to an area of a new serving 
system node (i.e. new SGSN) , from which LEA is for example 
5 not entitled to get any interception for this target. 
Therefore, it is proposed to pass the Routing Area 
Identifier RAI, which contains Mobile Country Code MCC, 
Mobile Network Code MNC, Location Area Code LAC and Routing 
Area Code RAC of the new SGSN, once the new SGSN is asking 
10 the old one to send the SGSN contexts. (Nevertheless, the 
proposed signaling also takes place if the target moves to 
a new serving node SGSN from which LEA is still entitled to 
get interception.) 

In such a way, the old SGSN will come to know itself, and 
tell the LEA, that the target has moved out of the given 
warrant's (court order) jurisdiction. Besides, the RAI 
shall tell the LEA in which country and from which operator 
the target gets the services after the RAU. 

Apparently, the above mentioned does not require any 
involvement of the HLR / HSS, so that there are no extra 
signaling tasks to perform. Protecting HLR resources is the 
effectively achieved by the invention, while easily finding 
out the location (country and more specific coordinates) 
and network (i.e. which visited network the target is 
using/attached to) to which the target is roaming. 

The present invention thus addresses the three following 
30 sub procedures within the two procedures (Attach and 
Routing Area Update Procedure, respectively) : 

- SGSN Context Request/Response/Acknowledge (within 
the inter SGSN RAU procedure), 

- Update PDP Context Request/Response (within the 
35 inter SGSN RAU procedure), and 



20 
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- Identification Request/Response (within the Attach 
procedure) . 

Accordingly, as has been described herein above, the 
present invention proposes a method for informing a lawful 
interception system of the serving system serving an 
intercepted target MS roaming within a communication 
network system, the communication network system comprising 
at least one serving system each serving system comprising 
at least one serving system node SGSN serving the 
intercepted target for communication, the method comprising 
the steps of: first detecting a serving system node change 
request 1 from the intercepted target MS towards a new 
serving system node which is currently not serving the 
target, first processing said serving system node change 
request at said new serving system node currently not 
serving the target, wherein said processing comprises the 
inclusion, to the request, of a serving system address of 
the new serving system node currently not serving the 
target, and first forwarding said processed request 2 to an 
old serving system node currently serving the target. Also, 
the present invention proposes a serving system node 
adapted to be used in such a method. 

Thus, from the foregoing description of the present 
invention, it will become clear that having regard to the 
previous solutions as outlined above with reference to 3GPP 
TS 33.108 V5.0.0 (2002-06) and 3GPP TS 33.107 V5 . 3 . 0 (2002- 
06) , the present invention will lead to the changes to 
these agreed solutions as follows: 

(note that numberings refer to the numbering of section in 
the respective technical specification TS) 



A) As to 3GPP TS 33.108 V5.0.0 (2002-06): 
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6.5 IRI for packet domain 

Intercept related information will in principle be 
available in the following phases of a data transmission: 

1. At connection attempt when the target identity becomes 
5 active, at which time packet transmission may or may 

not occur (set up of a data context, target may be the 
originating or terminating party) ; 

2. At the end of a connection, when the target identity 
becomes inactive (removal of a data context) ; 

10 3. At certain times when relevant information are 
available. 

In addition, information on non-transmission related 
actions of a target constitute IRI and is sent via HI2, 
e.g. information on subscriber controlled input. 
15 The intercept related information (IRI) may be subdivided 
into the following categories: 

1. Control information for HI2 (e.g. correlation 
information) ; 

2. Basic data context information, for standard data 
20 transmission between two parties. 

The events defined in ref [11] are used to generate records 
for the delivery via HI2. 

There are eight different event types received at DF2 
level. According to each event, a Record is sent to the 
25 LEMF if this is required. The following table gives the 

mapping between event type received at DF2 level and record 
type sent to the LEMF. 
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Table 6.1: Mapping between UMTS Data Events and HI2 records type 





mmmmmmmmmmm 


GPRS attach 


REPORT 


GPRS detach 


REPORT 


PDP context activation (successful) 


BEGIN 


PDP context modification 


CONTINUE 


PDP context activation (unsuccessful) 


REPORT 


Start of intercept with PDP context active 


BEGIN 


PDP context deactivation 


END 


Location update 


REPORT 


SMS 


REPORT 


ServingSystem I 


REPORT 



A set of information is used to generate the records. The 
5 records used transmit the information from mediation 

function to LEMF. This set of information can be extended 
in the GSN or DF2 MF, if this is necessary in a specific 
country. The following table gives the mapping between 
information received per event and information sent in 
10 records . 
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Table 6.2: Mapping between Events Information and IRI information 







WMMMMMmrmmmm 


observed MSISDN 


Target Identifier with the MSISDN of the target 
SUPSCriDgr (monitored supscnperj. 


partylnformation (party-identiity) 


observed IMSI 


Target Identifier with the iwioi ot tne target 
subscriber (monitored subscriber). 


partylnformation (party-identity) 


observed IMEI 


Target Identifier with the IMtl of the target 
subscriber (monitored subscriber) 


partylnformation (party-identity) 


observed PDP 
address 


PDP address used by the target- 


partylnformation 
(services-data-information) 


event type 


Description which type of event is delivered: PDP 
Context Activation, PDP context Deactivation^ pko 
Attach, etc. 


gPRSevent 


event date 


Date of the event generation in the xGSN 


timeStamp 


event time 


Time of the event generation in the xGSN 


access point name 


The APN of the access point 


partylnformation 
(services-data-information) 


PDP type 


This field describes the PDP type as defined in TS 
GSM 09.60. TS GSM 04.08, TS GSM 09.02 


partylnformation 
(services-data-information) 


initiator 


This field indicates whether the PDP context 
activation, deactivation, or modification is MS 
directed or network initiated. 


initiator 


correlation number 


Unique number for each PDP context delivered to 
the LEMF, to help the LEA, to have a correlation 
between each PDP Context and the IRI. 


gPRSCorrelationNumber 


lawful interception 
identifier 


Unique number for each lawful authorization. 


lawfullnterceptionldentifier 


location information 


This field provides the service area identity, RAI 
and/or location area identity that is present at the 
SGSN at the time of event record production. 


locationOfTheTarget 


SMS 


The SMS content with header which is sent with the 
SMS-service 


sMS 


failed context 
activation reason 


This field gives information about the reason for a 
failed context activation of the target subscriber. 


gPRSOperationErrorCode 


failed attach reason 


This field gives information about the reason for a 
failed attach attempt of the target subscriber. 


gPRSOperationErrorCode 


service center 
address 


This field identifies the address of the relevant 
server within the calling (if server is originating) or 
called (if server is terminating) party address 
parameters for SMS-MO or SMS-MT. 


serviceCenterAddress 


umts QOS 


This field indicates the Quality of Service 
associateu witn tne pup oontext proceaure. 


qOS 


context 

deactivation reason 


This field gives information about the reason for 
context deactivation ot tne target suuscriDer. 


gPRSOperationErrorCode 


network identifier 


Operator ID plus SGSN or GGSN address. 


networkldentifier 


iP assignment 


Observed PDP address is statically or dynamically 
assigned. 


iP-assianment 


SMS originating 
address 


Identifies the originator of the SMS message. 


DataNodeAddress 


SMS terminating 
address 


Identifies the intended recipient of the SMS 
message. 


DataNodeAddress 


SMS initiator 


Indicates whether the SMS is MO, MT, or Undefined 


sms-initiator 


serving SGSN 
number 


An E.164 number of the serving SGSN. 


ServingSGSN-Number 


sServing SGSN 
address 


An IP address of the serving SGSN. 


ServingSGSN-Address 


servino SGSN RAI 


Routinq Area Identity of the new SGSN 


Rai fservinqSGSN-RAI) 



NOTE: UID parameter must be present in each record sent to the LEMF. 
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6.5.1 Events and information 

This clause describes the information sent from the 
Delivery Function (DF) to the Law Enforcement Monitoring 
5 Facility (LEMF) to support Lawfully Authorized Electronic 
Surveillance (LAES) . The information is described as 
records and information carried by a record. This focus is 
on describing the information being transferred to the 
LEMF. 

10 The IRI events and data are encoded into records as defined 
in the Table 6-1 Mapping between GPRS Events and HI2 
records type and Annex B.3 Intercept related information 
(HI2) [1] . IRI is described in terms of a f causing event' 
and information associated with that event. Within each 

15 IRI Record there is a set of events and associated 

information elements to support the particular service. 
The communication events described in Table 6-1: Mapping 
between GPRS Events and HI2 record type and Table 6-2: 
Mapping between Events information and IRI information 

20 convey the basic information for reporting the disposition 
of a communication. This clause describes those events 
and supporting information. 

Each record described in this clause consists of a set of 
parameters. Each parameter is either: 
25 mandatory (M) - required for the record, 

conditional (C) - required in situations where a 

condition is met (the condition is given in the 
Description) , or 

optional (0) - provided at the discretion of the 
30 implementation. 

The information to be carried by each parameter is 
identified. Both optional and conditional parameters are 
considered to be OPTIONAL syntactically in ASN.l Stage 3 
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descriptions. The Stage 2 inclusion takes precedence over 
Stage 3 syntax. 



6.5.1.1 REPORT record information 

The REPORT record is used to report non-communication 
related subscriber actions (events) and for reporting 
unsuccessful packet-mode communication attempts. 
The REPORT record shall be triggered when: 

- the intercept subject's mobile station performs a GPRS 
attach procedure (successful or unsuccessful) ; 

- the intercept subject's mobile station performs a GPRS 
detach procedure; 

- the intercept subject's mobile station is unsuccessful 
at performing a PDP context activation procedure; 

_ the intercept subject's mobile station performs a 

cell, routing area, or combined cell and routing area 
update . The new SGSN always reports the event, if 
applicable. The old SGSN should report the event ; 

the intercept subject's mobile station sends an SMS- 
Mobile Originated (MO) communication. Dependent on 
national requirements, the triggering event shall occur 
either when the 3G SGSN receives the SMS from the 
target MS or, when the 3G SGSN receives notification 
that the SMS-Centre successfully received the SMS; 

for GSM and UMTS systems deployed in the U.S., a REPORT 
record shall be triggered when the 3G SGSN receives an 
SMS-MO communication from the intercept subject's 
mobile station; 

- the intercept subject's mobile station receives a SMS 
Mobile-Terminated (MT) communication. Dependent on 
national requirements, the triggering event shall occur 
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10 



either when the 3G SGSN receives the SMS from the SMS- 
Centre or, when the 3G SGSN receives notification that 
the target MS successfully received the SMS; 

for GSM and UMTS systems deployed in the U.S., a REPORT 
record shall be triggered when the 3G SGSN receives an 
SMS-MT communication from the SMS-Centre destined for 
the intercept subject's mobile station; 

- as a national option, a mobile terminal is authorized 
for service with another network operator or service 
provider . 

Table 6.3: GPRS Attach REPORT Record 



observed MSISDN 



observed IMSI 



observed IME1 



Provide at least one and others when available. 



event type 



Provide GPRS Attach event type. 



event date 



M 



Provide the date and time the event is detected. 



event time 



network identifier 



M 



Shall be provided. 



lawful intercept identifier 



M 



Shall be provided. 



location information 



Provide, when authorized, to identify location information for the 

intercept subject's MS. 

Provide information about the reason for failed attach attempts of 
the target subscriber. 



failed attach reason 



serving SGSN RAI 



Provided only bv the old SGSN. when the alternative serving 
system reporting is supported, and if the new SGSN sends the 
Identification Request to it 



Table 6.4: GPRS Detach REPORT Record 



observed MSISDN 


C 


Provide at least one and others when available. 


observed IMSI 


observed IMEI 


event type 


C 


Provide GPRS Detach event type. 


event date 


M 


Provide the date and time the event is detected. 


event time 


network identifier 


M 


Shall be provided. 


lawful intercept identifier 


M 


Shall be provided. 


location information 


C 


Provide, when authorized, to identify location information for the 
intercept subject's MS. 
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Table 6.5: PDP Context Activation (unsuccessful) REPORT Record 







observed MS1SDN 




Dmvirio »t least one and others when available. 


observed IMSI 


C 


observed IMEI 
observed PDP address 


C 


Provide to identify either the: 

- static address requested by the intercept subject's MS in 
association with a subjecttnitiated PDP context activation 
request for unsuccessful PDP context activation requests; or 

- address offered by the network in association with a network- 
initiated PDP context activation request when the intercept 
subject's MS rejects the network-initiated PDP context 
activation. . 


iP assignment 


C 


Provide to indicate observed PDP address is statically or 

dynamically assigned. 

Provide PDP Context Activation event type. 


event type 
event date 


C 
M 


Provide the date and time the event is detected. 


event time . 

access point name 


C 


Provide to Identify either the: 

- packet data network to which the intercept subject requested 
to be connected when the intercept subject's mobile station is 
unsuccessful at performing a PDP context activation 
procedure (MS to Network); or 

- access point of the packet data network that requested to be 
connected to the MS when the intercept subject's mobile 
station rejects a network-initiated PDP context activation 
fNetworktoMS). ^ 


PDP type 


C 


Provide to describe the PDP type of the observed PDP address. 
The PDP Type defines the end user protocol to be used between 
the external packet data network and the MS. 


initiator 

network identifier 


C 
M 


Provide to Indicate whether the PDP context activation is 
network-initiated, intercept-subiect-initiated. or not available. 
Shall be provided. — 


lawful intercept identifier 
location information 


M 

C 


Shall be provided, — - — — — 

Provide, when authorized, to identify location information for the 
intercept subject's MS. — — _ 


failed context activation 

reason 

QOS 


C 
C 


" Provide information about the reason for failed context activauon 

attempts of the target subscriber. 

Provide to identify the QOS parameters. 
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Table 6.6: Location Information Update (with No POP Context Active) REPORT Record 







observed MSISDN 


C 


Provide at least one and others when available. 


observed IMSI 


observed EV1EI 


event type 


C 


PrnvidA 1 ocation Information (JnHatA pvpnt tvnfi 


event date 


M 


Provide the date and time the event is detected. 


event time 


network identifier 


M 


Shall be provided. 


lawful intercept identifier 


M 


Shall be provided. 


location information 


C 


Provide, when authorized, to identify location information for the 
intercept subject's MS. 


serving SGSN RAI 


C 


Provided onlv bv the old SGSN. when the alternative servina 




svstem reoortina is supported, and if the new SGSN sends the 


Identification Reauest to it 


servina SGSN number 


C 


Provided onlv bv the old SGSN. when the alternative servina 




svstem reoortina is supported, and if the new SGSN sends the 


Identification Request to it 



Table 6.7: SMS-MO and SMS-MT Communication REPORT Record 







observed MSISDN 


c 


Provide at least one and others when available. 


observed IMSI 


observed IMEI 


event type 


c 


Provide SMS event type. 


event date 


M 


Provide the date and time the event is detected. 


event time 


network identifier 


M 


Shall be provided. 


lawful intercept identifier 


M 


Shall be provided. i 


SMS originating address 


O 


Provide to identify the originating and destination address of the 
SMS message 


SMS destination address 


location information 


C 


Provide, when authorized, to identify location information for the 
intercept subject's MS. 


SMS 


C 


Provide to deliver SMS content, including header which is sent 
with the SMS-service. 


service center address 


C 


Provide to identify the address of the relevant SMS-C server. If 
SMS content is provided, this parameter is optional. 


SMS initiator 


M 


Indicates whether the SMS is MO, MT, or Undefined. 



5 Table 6.8: Serving System REPORT Record 









observed MSISDN 


c 


Provide at least one and others when available. 


observed IMSI 


obcorvod IMEI 


event type 


c 


Provide Serving System event type. 


event date 


M 


Provide the date and time the event is detected. 


event time 


network identifier 


M 


Network identifier of the HLR reporting the event 


lawful intercept identifier 


M 


Shall be provided. 


ServingSGSN-Number 


C 


Provide to identify the E.164 number of the serving SGSN. 


ServingSGSN-Address 


C 


Provide to identify the IP address of the serving SGSN. 
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6.5.1.2 BEGIN record Information 

The BEGIN record is used to convey the first event of 
packet-data communication interception . 
The BEGIN record shall be triggered when: 

- successful PDP context activation; 

- the interception of a subject's communications is 

started and at least one PDP context is active. If 
more than one PDP context is active, a BEGIN record 
shall be generated for each PDP context that is 
active. 



WO 2004/010649 



7IB2002/002841 



- 30 - 



Table 6.98: PDP Context Activation (successful) BEGIN Record 








observed MSISDN 




Provide at least one and others when available. 


observed IMSI 


c 


observed IMEI 






observed PDP address 


c 


Provide to identify one of the following: 

- static address requested by the intercept subject's MS, and 
allocated by the Network for a successful PDP context 
activation; 

- address allocated dynamically by the network to the intercept 
subject MS in association with a PDP context activation (i.e., 
address is sent by the Network in an Activate PDP Context 
Accept) for a successful PDP context activation procedure 
when the PDP Context activation request does not contain a 
static PDP address; or 

- address offered by the network in association with a network- 
initiated PDP context activation request when the intercept 
subject's MS accepts the network-initiated PDP context 
activation request 


IP assignment 


c 


Provide to indicate observed PDP address is statically or 
dynamically assigned. 


event type 


c 


Provide PDP Context-Activation event type. 


event date 


M 


Provide the date and time the event is detected. 


event time 






access point name 


C 


Provide to identify the: 

- packet data network to which the intercept subject requested 
to be connected when the intercept subject's MS is successful 
at performing a PDP context activation procedure (MS to 
Network). 

- access point of the packet data network that requested to be 
connected to the MS when the intercept subject's MS accepts a 
network-initiated PDP context activation (Network to MS). 


PDP type 


c 


Provide to oescnoe xne rur type or uie uuaci »cu avui^o^. 
The PDP Type defines the end user protocol to be used between 
the external packet data network and the MS. 


initiator 


c 


Provide to indicate whether the PDP context activation is 
network-initiated, intercept-subject-initiated, or not available. 


network identifier 


1 M 


Shall be provided. 


correlation number 


C 


Provide to uniquely identify the PDP context delivered to the 
LEMF and to correlate IRI records with CC. 


lawful intercept identifier 


M 


Shall be provided. 


location information 


C 


Provide, when authorized, to identify location information for the 
intercept subject's MS. 


QOS 


C 


Provide to identify the QOS parameters. 



WO 2004/010649 




7IB2002/002841 



- 31 - 



Table 6.108: Start Of Interception (with PDP Context Active) BEGIN Record 





mmm 




observed MSISDN 


c 


Provide at least one and others when available. 


observed IMSI 
observed IMEI 


observed PDP address 


c 


Provide to identify the: 

- static address requested by the intercept subject s MS, and 
allocated by the NetworK tor a successful rur vwiwm 
activation. . 

- address allocated dynamically by the network to the intercept 
subject MS in association with a PDP context activation (i.e., 
address is sent by the Network in an Activate PDP Context 
Accept) for a successful PDP context activation procedure 
when the PDP Context activation request does not contain a 
static PDP address. 

- address offered by the network in association with a network- 
initiated PDP context activation request when the intercept 
subject's MS accepts the network-initiated PDP context 
activation request . — 

" Provide Start Of Interception With PDP Context Active event type. 


event type 
event date 
event time 


c 

M 


Provide the date and time the event is detected. 


access point name 


C 


Provide to identify the: 

„«*,.#«fL- i«fhir«h the* intf*re©c>t subiect reOUestOu 

- packet data nevwoiK 10 wnicn uit? iuwiwshi omwjovi. « v^«iww»w» 
to be connected when the intercept subject's MS is successful 
at performing a PDP context activation procedure (MS to 

M a4« rlr\ 

NetworK}. 

- access point of the packet data network that requested to be 
connected to the MS when the intercept subject's MS accepts a 
network-initiated PDP context activation (Network to MS). 


PDP type 


C 


DrnuiHA tf% d^cribe the PDP tvoe of the observed PDP address. 
The PDP Type defines the end user protocol to be used between 
the external packet data network and the MS. 


initiator 


C 


Provide to indicate whether the PDP context activation is 
network-initiated, intercept-subject-initiated, or not available. 


network identifier 
correlation number 


M 

C 


Shall be provided. 

Provide to uniquely identify the PDP context delivered to tne 
i FMF and to correlate IRI records with CC. 


lawful intercept identifier 
location information 

QOS 


M 

C 

C 


Shall be provided. __ 

Provide, when authorized, to identify location information tor the 

intercept subject's MS. 

Provide to identify the QOS parameters. 



6.5.1.3 CONTINUE record ±nf ormatlon 

The CONTINUE record is used to convey events during 
5 active packet-data communication PDP Context. 
The CONTINUE record shall be triggered when: 
- An active PDP context is modified; 
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Table 6.110: PDP Context Modification CONTINUE Record 









observed MSISDN 




Provide at least one and others when available. 


observed IMSI 


c 


observed IMEI 






observed PDP address 


c 


The observed address after modification 
Provide to identify the: 

- static address requested by the intercept subject's MS, and 
allocated by the Network for a successful PDP context 
activation. 

- address allocated dynamically by the network to the intercept 
subject MS in association with a PDP context activation (i.e., 
address is sent by the Network in an Activate PDP Context 
Accept) for a successful PDP context activation procedure 
when the PDP Context activation request does not contain a 
static PDP address. 

- address offered by the network in association with a network- 
initiated PDP context activation request when the intercept 
subject's MS accepts the network-initiated PDP context 
activation request 


event type 


c 


Provide the PDP Context Modification event type. 


event date 


M 


Provide the date and time the event is detected. 


event time 






access point name 


c 


Provide to identify the: 

- packet data network to which the intercept subject requested 
to be connected when the intercept subject's MS is successful 
at performing a PDP context activation procedure (MS to 
Network). 

- access point of the packet data network that requested to be 
connected to the MS when the intercept subject's MS accepts a 
network-initiated PDP context activation (Network to MS). 


PDP type 


c 


Provide to describe the PDP type of the observed PDP address. 
The PDP Type defines the end user protocol to be used between 
the external packet data network and the MS. 


initiator 


c 


Provide to indicate whether the PDP context activation is 
network-initiated, intercept-subject-initiated, or not available. 


network identifier 


M 


Shall be provided. 


correlation number 


C 


Hrovio© to uniquely loenwiy ui" rur uui hual uchvcicu w u««* 
LEMF used to correlate IR1 records with CC. 


lawful intercept identifier 


M 


Shall be provided. 


location information 


C 


Provide, when authorized, to identify location information for the 
intercept subject's MS. 


QOS 


C 


Provide to identify the QOS parameters. 


servina SGSN RAI 


C 


Provided onlv bv the old SGSN. when the alternative servina 




svstem reoortina is suooorted. and if the new SGSN sends the 






Identification Reauest to it. 


servlna SGSN number 


C 


Provided onlv bv the old SGSN. when the alternative servina 




system reportina is suooorted. and if the new SGSN sends the 






Identification Reauest to it 



6* 5.1,4 END record information 

The END record is used to convey the last event of packet- 
5 data communicati on interception. 

The END record shall be triggered when: 
- PDP context deactivation. 
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Table 6.124: PDP Context Deactivation END Record 



observed MSISDN 



observed IMSt 



observed IMEj 



observed PDP address 



Provide at least one and others when available. 



Provide to identify the PDP address assigned to the intercept 
subject, if available. 



Provide PDP Context Deactivation event type. 



event date 



M 



Provide the date and time the event is detected. 



event time 



access point name 



Provide to identify the packet data network to which the intercept 

subject is connected. - — 

Provide to describe the PDP type of the observed PDP address. 
The PDP Type defines the end user protocol to be used between 
the external packet data network and the MS. 



10 



15 



PDP type 



initiator 



network identifier 



C 



Provide to indicate whether the PDP context deactivation is 
network-initiated, intercept-subject-initiated, or not available. 



Shall be provided. 



correlation number 



lawful intercept identifier 



M 



Provide to uniquely identify the PDP context delivered to the LEWI 

and to correlate IRI records with CC. , 

Shal l be provided. 



location information 



Provide, when authorized, to identify location information for the 
intercept subject's MS 



context deactivation reason 



Provide to indicate reason for deactivation. 



6.6 IRI reporting for packet domain at GGSN 

As a national option, in the case where the GGSN is 
reporting IRI for an intercept subject, the intercept 
subject is handed off to another SGSN and the same GGSN 
continues to handle the content of communications subject 
to roaming agreements, the GGSN shall continue to report 
the following IRI of the content of communication: 

- PDP context activation; 

- PDP context deactivation; 

_ Start of interception with PDP context activej_ 



- PDP con text modification . 
6.7 



Content of communication interception for 
packet domain at GGSN 



As a national option, in the case where the GGSN is 
performing interception of the content of communications, 
the intercept subject is handed off to another SGSN and the 
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same GGSN continues to handle the content of communications 
subject to roaming agreements, the GGSN shall continue to 
perform the interception of the content of communication. 



******* Next Modification ******* 



IRI- Parameters : :« SEQUENCE 

^ hi2DomainId [0] OBJECT IDENTIFIER, — 3 GPP HI2 domain 

iRI version [23] ENUMERATED 

{ 

version2{2), 
} OPTIONAL, 

— if not present/ it means version 1 is handled 
lawfullnterceptionldentifier [1] Lawfullnterceptionldentif ier, 

— This identifier is associated to the target, 
time Stamp [ 3 ] Times tamp , 

— date and time of the event triggering the report . ) 
initiator [4] ENUMERATED 

{ 

not-Available (0), 
originating—Target (1) , 

— in case of GPRS, this indicates that the PDP context activation 

— or deactivation is MS requested 
terminating-Target (2), 

— in case of GPRS/ this indicates that the PDP context activation or 

— deactivation is network initiated 

} OPTIONAL, 

locationOfTbeTarget [8] Location OPTIONAL, 

— location of the target subscriber 

partylnformation [9] SET SIZE (1..10) OF Party In formation OPTIONAL, 

— This parameter provides the concerned party, the identiy(ies) of the party 

— )and all the information provided by the party. 

serviceCenterAddress [13]' Party Information OPTIONAL, 

— e.g. in case of SMS message this parameter provides the address of the 

relevant 

— server within the calling (if server is originating) or called (xf server is 

— terminating) party address parameters 

SMS [14] SMS-report OPTIONAL, 

— this parameter provides the SMS content and associated information 

national-Parameters [16] National-Parameters OPTIONAL, 

gpRSCorrelationNumber [18] GPRSCorrelationNumber OPTIONAL, 
gPRSevent [20] GPRSEvent OPTIONAL, 

— This information is used to provide particular action of the target 

— such as attach/detach 

sgsnAddress [21] DataNodeAddress OPTIONAL, 

gPRSOpexationErrorCode [22 J GPRSOperationErrorCode OPTIONAL, 

ggsnAddrese [24] DataNodeAddress OPTIONAL, 

qOS [25] UmtsQos OPTIONAL, 

networkldentifier [26] Network-Identifier OPTIONAL, 

sMSOriginatingAddress [27] DataNodeAddress OPTIONAL, 

sMSTerminatingAddress [28] DataNodeAddress OPTIONAL, 

iMSevent [29] IMSEvent OPTIONAL, 

sIPMessage [30] OCTET STRING OPTIONAL, 

servingSGSN-number [31] OCTET STRING (SIZE (1..20)) OPTIONAL, 

servingSGSN-addreas [32] OCTET STRING (SIZE (5.. 17)) OPTIONAL, 

servingSGSN-RAI [33] Ral OPTIONAL, 



> 
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******* Next Modification ******* 



GPRS Event : : = ENUMERATED 
{ 

pDPContextActivation (D , 

staxtOflnterceptionWithPDPContextActive (2), 

— reported by a new SGSN or GGSN .— 

pDPContextDeactivation ( 4 ) , 

10 gPRSAttach (5), 

gPRSDetach (6), 
loca tionlnf oUJpdata (10), 

— reported by a new SGSN 

sMS (ID r 

15 pDPContextModification (13), 

— reported by SGSN or GGSN 

servingSystem (14), 

— is it correct to leave this extensibility ellipsis here? 

20 qPRSAttachAnotherSGSN (15) , 

— reported by an old SGSN, if it receives the Identification Request message 

location Tnf oUpdate (16) , 

— reported by an old SGSN 

s tar tOf Inter cap tionWithPDPContextActive (17), 
25 — reported by an old SGSN 



30 



} 

— see ref [19£] 



35 and 

B) As to 3GPP TS 33.107 V5.3.0 (2002-06): 



«£» «1» *t» «i« +x* %i» ili sis its sfc 

******* Next Modification ******* 
7.3.2 Structure of the events 

There are eight different events in which the information 
is sent to the DF2 if this is required. Details are 
45 described in the following section. The events for 

interception are configurable (if they are sent to DF2) in 
the 3G GSN or the HLR and can be suppressed in the DF2 . 

The following events are applicable to 3G SGSN: 

- Mobile Station Attach; 
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- Mobile Station Detach; 

- PDP context activation; 

- Start of intercept with PDP context active; 

- PDP context modification; 

- PDP context deactivation; 

- RA update; 

- SMS . 

NOTE: 3G GGSN interception is a national option. Location 
information may not be available in this case. 

The following events are applicable to the 3G GGSN: 

- PDP context activation; 

- PDP context modification; 

- PDP context deactivation; 

- Start of interception with PDP context active. 

The following events are applicable to the HTiR: 

- Roaming. 

A set of fields as shown below is used to generate the 
events. The events transmit the information from 3G GSN or 
HLR to DF2. This set of fields as shown below can be 
extended in the 3G GSN or HLR, if this is necessary as a 
national option. DF2 can extend this information if this is 
necessary as a national option e.g. a unique number for 
each surveillance warrant. 
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Table 2: Information Events for Packet Data Event Records 



Observed MSISDN 

MSISDN of the target subscriber (monitored subscriber). 



Observed 1MSI 

IMSj of the target subscriber (monitored subscriber). 



ffEhSff the target subscriber (monitored subscriber),* shall be checked for each activation over the radio 
interface. — 



Description which type of event is delivered: MS attach, MS detach, PDP context activation, Start of intercept 
with PDP context active, PDP context deactivation, SMS, Serving System, Cell and/or RA update from new 
SGSN. Cell and/or RA update from old SGSN. PDP context modification from new SGSN, PDP context 



modification from GGSN. 



Event date 

Date of the event generation in the 3G GSN or the HLR. 



Event time 

Time of the event generation In the 3G GSN or the HLR. 



PDP address a . ^ m _ 

The PDP address of the target subscriber. Note that this address might be dynamic. 



Access Point Name 
The APN of the access point (Typically the GGSN of the other party). 



Location Infomlation is the Service Area Identity (SAI), RAI and/or location area identity that is present at the 
GSN at the time of event record production. 



PDP Type 
The used PDP type. 



Correlation Number 

The -correlation number is used to correlate CC and IRI. 



SMS 

The SMS content with header which is sent with the SMS-service. The header also includes the SMS-Centre 
address. 



Network Element Identifier JJnique identifier for the element reporting the ICE. 



Failed attach reason 

Reason for failed attach of the target subscriber. 



Failed context activation reason 

Reason for failed context activation of the target subscriber. 



I As 

The observed Interception Areas. 



Theln^tial^^^e PDP context activation, deactivation or modification request either the network or the 3G 
MS. — 



Initiator 

SMS indicator whether the SMS is MO or MT. 



Deactivation / termination cause 

The termination cause of the PDP context 



QoS . 
This field indicates the Quality of Service associated with the PDP Context procedure. 



Serving System Address _ _ 

Information about the serving system (e.g. serving SGSN MSjSDjlnumber, seiving SGSN RAI or serving 

SGSN address). . . 



******* Next Modification ******* 
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7.4.1 Mobile Station Attach 

For attach an attach-event is generated. When an attach 
activation is generated from the mobile to servicing 3G SG- 
SN this event is generated. These fields will be delivered 
to the DF2 if available: 



10 



Observed MSISDN 



Observed IMEI 



Event Type 



Event Time 



Observed IMSI 



Event Date 



Network Element Identifier 



Location Information 



Failed attach reason 



lAs (if applicable) 



In case the alternative serving system reporting is 
supported, and if the new SGSN sends the Identification 
Request to the old SGSN, then the old SGSN should deliver 
the following fields to the DF2: 



15 



Observed MSISDN 



Observed IMSI 



Observed IMEI 



Event Type 



Event Time 



Event Date 



Network Element Identifier 



Location Information 



NewSGSN's RAI 



Wl# «JW »lg WJ* 

•I* «^JW J* *I* 



7.4.6 RA update 



Next Modification 



wjy SI* wiw 

*x* *J* *T% ^x* 



For each RA update an update-event with the fields about 
the new location is generated. These fields will shall be 
delivered by new SGSN to the DF2 if available: 
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Observed MSISDN 

Observed fijjjsj 

Observed IME! 

Event Type 

Event Time 

Event Date 

Network Element Identifier 

Location information 

lAs (if applicable) 

These fields may be delivered by old SGSN to the DF2 if 
available: 

Observed MSISDN 

ObservedJMSI , 

Observed 1MEI 

Event Type „ 

Event Time 

Event Date 

Network Element Identifier 

Location information 

lAs (if applicable) _ 

New SGSN's Serving System Address 

******* Next Modification ******* 
7.4.8 Packet Data PDP context modification 

This event will shall b e generated if interception for a 
target is started and if the target has at least one PDP 
context active. These fields will shall b e delivere d by new 
10 SGSN to the DF2 if available: 



Observed MSISDN 

Observed IMS] 

Observed IMEj 

PDP address of observed party 

Event Type 

Event Time 

Event Date 

Correlation number 

Access Point Name 

PDP Type 

Network Element Identifier 

Location information 

lAs (if applicable) 

Session initiator 

QoS 



These fields may be delivered by GGSN to the DF2 if 
available: 
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Observed MS1SDN 

Observed IMS! 

PDP address of observed party 

Event Type 

Event Time 

Event Date 

Correlation number 

Access Point Name 

PDP Type 

Network Element Identifier 

Session Initiator 

QoS 

New SGSN's Serving System Address 

7.4.9 Serving System 

In case the network does not support alternative serving 
system reporting, ^ the Serving System report event is 
5 generated at the HLR, when the HLR has detected that the 
intercept subject has roamed. The fields will be delivered 
to the DF2 if available: 



Observed MS1SPN 
Observed IMSI 
Obs erved 1ME 4 

Event Type 

Event Time 

Event Date 

Network Element Identifier 

Serving System Address 

10 When the network supports the alternative serving system 
reporting, the following events shall be generated: 

• RA Update by old SGSN (in addition to the RA Update by 
new SGSN) 

• Packet Data PDP context modification by GGSN (in 

15 addition to the Packet Data PDP context modification 

by new SGSN) 

• Attach from the old SGSN in case the alternative 
serving system reporting is supported, and if the new 
SGSN sends the Identification Reguest to the old SGSN 

20 In order to support the alternative serving system 

reporting, new SGSN should put its own RAI and /or MSI SDN 
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number into the Private Extension IE of the following GTP-C 
messages: 

• SGSN Context Request/ sent to the old SGSN 

• Update PDP context Request , sent to GGSN 

5 Formats of the RAI and MSISDN number are e.g. defined in 
the GTP specification [7] 



While the invention has been described with reference to a 
10 preferred embodiment, the description is illustrative of 
the invention and is not to be construed as limiting the 
invention. Various modifications and applications may occur 
to those skilled in the art without departing from the true 
spirit and scope of the invention as defined by the 
15 appended claims. 
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Claims 

1. A method for informing a lawful interception system 
5 of the serving system 

serving an intercepted target (MS) 

roaming within a communication network 
system, 

the communication network system comprising 
10 at least one serving system 

each serving system comprising 

at least one serving system node (SGSN) serving 
the intercepted target for communication, 
the method comprising the steps of: 
15 first detecting a serving system node change request 

(1.) from the intercepted target (MS) towards a new serving 
system node which is currently not serving the target, 

first processing said serving system node change 
request at said new serving system node currently not 
20 serving the target, wherein said processing comprises the 
inclusion, to the request, of a serving system address of 
the new serving system node currently not serving the 
target, and 

first forwarding said processed request (2-) to an old 
25 serving system node currently serving the target. 

2. A method according to claim 1, wherein 

said old serving system node currently serving the 
target informs the interception system of the serving 
30 system address of the new serving system node. 

3. A method according to claim 1, further comprising 

second detecting at least one active communication 
context for said target, and in response thereto, 
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generating a communication context update request to 
which is included the serving system address of the new 
serving system node currently not serving the target, and 

second forwarding said generated request (6.) to a 
5 gateway serving system node (GGSN) of the serving system 
currently serving the intercepted target. 

4. A method according to claim 3, wherein 

said gateway serving system node (GGSN) informs the 
10 interception system of the serving system address of the 
new serving system node. 

5. A method according to claim l r 2, 3, or 4, wherein 

said serving system address of the new serving system 
15 node represents information about the serving system to 
which said new serving node belongs. 

6. A method according to claim 5, wherein 



20 said new serving node belongs comprises at least one of the 
following information items: serving node MSISDN number, 
serving node routing area identifier, serving node address. 

7. A method according to claim 6, wherein 



information items representative of a mobile country code 
MCC, mobile network code MNC, location area code LAC, and 
routing area code RAC. 

30 8. A serving system node of a serving system, 
the serving system node 

being adapted to serve an intercepted target (MS) 
for communication, and 

being connectable to a lawful interception 
35 system, 



said information about the serving system to which 



said serving node routing area identifier contains 
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the serving system node comprising: 

first detection means adapted for first detecting a 

serving system node change request (1.) from the 

intercepted target (MS), 
5 first processing means adapted for first processing 

said serving system node change request, wherein said 

processing is adapted to include, to the request, a serving 

system address of the serving system node, and 

first forwarding means adapted for first forwarding 
10 said processed request (2.) to another serving system node 

currently serving the target. 

9. A serving system node according to claim 8, comprising 

informing means adapted to inform the interception 
15 system of the serving system address of a new serving 

system node, said informing means being active in case said 
serving system node is currently serving the target. 

10. A serving system node according to claim 8, further 

20 comprising 

second detection means adapted for second detecting at 
least one active communication context for said target, and 

generation means, controlled by said second detection 
means, and adapted for generating a communication context 
25 update request to which is included the serving system 
address of the serving system node, and 

second forwarding means adapted for second forwarding 
said generated request (6.) to a gateway serving system 
node (GGSN) of the serving system currently serving the 
30 intercepted target. 

11. A serving system node according to claim 8, 9, or 10, 
wherein 
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said serving system address of the serving system node 
represents information about the serving system to which 
said new serving node belongs, 

5 12. A serving system node according to claim 11 , wherein 
said information about the serving system to which 
said serving node belongs comprises at least one of the 
following information items: serving node MSISDN number, 
serving node routing area identifier, serving node address - 

10 

13. A serving system node according to claim 12 , wherein 

said serving node routing area identifier contains 
information items representative of a mobile country code 
MCC, mobile network code MNC, location area code LAC, and 
15 routing area code RAC. 



WO 2004/010649 




12002/002841 



2/3 



MS 



Security Functions 



][ 



BSS 



1 . Routeing Area I Jpdate Request 



1 ^. Routeing Area 



12. Routeing Area 



new SGSN 



old SGSN 



2. SGSN Conte 



2 ^SGSN Context 1 tesponse 



GGSN 



:egt Request 



CI 



4. SGSN Cont^ t i Acknowledge 



cz 



5 JForward Packet: \ 



6. Update PDP Co itext Request 



6JUpdate PDP Co itext Response 



7. Update Location 



g ^Insei 



rt Subscriber Data 



9. Insert Subscriber Data Ack 



1 ^. Update Locati< »n Ack 



C2 



Update Accept 



CI 



Update Comple^ 



8^Cancel Locatior 



8. Cancel Locatioi Ack 



HLR 



Fig. 2 



3/3 



MgT] [_RAN] [newSGSN \ \ oldSGSN | j CGSN J (jEr] 



3. Identity I lequest 



3. Identity I jesponse 



^Authendcfation 



AttadiR quest 



^IMHChfck 



2. Identificatipi Request 



6. Delete PDP (Context Respoi se 



9^ Attach Apcept 



10. Attach <:omplete 



Identificatioi 



6. Delete PDP < Ibntext Reque * 
► 



7a. Update Location 



7£ Insert Suba riber Data 



U pdate Loc ation Ack 



CI 



1I.1MSI Real 



. Cancel L( cation 



7a Cancel Lc cation Ack 



7g. Insert Subs aiberDataAc c 



7dDeleteP DP Contexf Request 



7e. Del ete P 3P Contex ; Response 



8a. Location U xlate Request 



Location U xlate Accept 



ocation Comp 



ete 



new 




old 


MSOVLR 


| HLR | 


MSCyVLR 



8b. Update L xation 
^ 



8a Cancel Location 



8d Cancel Locatipn Ack 



^ Updat e L nation Ack 



S^. Insert Sul scriber Data 
8£ Insert ^ soiber Data A)clc 



Fig. 3 



INTERNATIONAL SEARCH REPORT 



A. CLASSIFICATION OF SUBJECT MATTER 

IPC 7 H04L12/26 H04Q7/38 H04L12/56 



According to International Patent Classification (IPC) or to both national classification and IPC 



KCI/IBI 



02841 



B. FIELDS SEARCHED 



Minimum documentation searched (classification system followed by classification symbols) 

IPC 7 H04L H04Q 



Documentation searched other than minimum documentation to the extent that such documents are included in the fields searched 



Electronic data base consulted during the international search (name of data base and, where practical, search terms used) 

EPO-Internal 



C. DOCUMENTS CONSIDERED TO BE RELEVANT 



Category ° Citation of document, with Indication, where appropriate, of the relevant passages 



Relevant to claim No. 



US 2002/078384 Al (HIPPELAINEN LASSI) 
20 June 2002 (2002-06-20) 
the whole document 

US 2002/049913 Al (J0KINEN HANNU ET AL) 
25 April 2002 (2002-04-25) 
the whole document 

-/-- 



1-13 



1-13 



m 



Further documents are listed in the continuation of box C. 



Patent family members are listed in annex. 



° Special categories of cited documents : 



document defining the general state of the art which Is not 

considered to be of particular relevance 
earlier document but published on or after the international 

filing date 

document which may throw doubts on priority ctaim(s) or 
which Is cited to establish the publication date of another 
citation or other special reason (as specified) 

document referring to an oral disclosure, use, exhibition or 
other means 

document published prior to the International filing date but 
later than the priority date claimed 



T later document published after the international filing date 
or priority date and not in conflict with the application but 
cited to understand the principle or theory underlying the 
invention 

■X' document of particular relevance; the claimed Invention 
cannot be considered novel or cannot be considered to 
involve an Inventive step when the document is taken alone 

"Y" document of particular relevance; the claimed Invention 

cannot be considered to involve an Inventive step when the 
document Is combined with one or more other such docu- 
ments, such combination being obvious to a person skilled 
in the art. 

document member of the same patent family 



Date of the actual completion of the international search 



6 February 2003 



Name and mailing address of the ISA 

European Patent Office, P.B. 5818 Patent laan 2 
NL-2280 HV Rijswijk 
TeL (+31-70) 340-2040, Tx. 31 651 epo nl, 
Fax: (+31-70)340-3016 



Date of mailing of the International search report 

27/02/2003 



Authorized officer 



Jimenez Hernandez, P 



brm PCT/ISA/210 (second sheet) (July 1992) 



INTERNATIONALS EARCH REPORT 



C(Contlnuation) DOCUMENTS CONSIDERED TOoE RELEVANT 



PCT/IB^P02841 



Category 8 Cftatlon of document, with Indication.where appropriate, of the relevant passages 



Relevant to claim No. 



"ETSI TS 133 107 V5.3.0 UMTS Lawful 
Interception Architecture and Functions 
(3GPP TS 33.107 v5.3.0 Release 5)" 
'Online! 

June 2002 (2002-06) XP002230228 
Retrieved from the Internet: <URL: 
http://webapp.etsi . org/action\PU/20020625/ 
ts_133107v050300p . pdf > 
'retrieved on 2003-02-06! 
cited 1n the application 
page 1 -page 68 



1-13 



INTERNATIONAL SEARCH REPORT 

M 


PCT/IB^^Q2841 


Patent document 
cited In search report 


Publication 
date 


Patent family 
member(s) 


Publication 
date 



US 2002078384 Al 20-06-2002 W0 0042742 Al 20-07-2000 

AU 2617399 A 01-08-2000 

EP 1142218 Al 10-10-2001 

JP 2002535883 T 22-10-2002 



US 2002049913 Al 


25-04-2002 WO 


0056029 Al 


21-09-2000 


AU 


3517899 A 


04-10-2000 




EP 


1159817 Al 


05-12-2001 




JP 


2002539716 T 


19-11-2002 



